Posts by Povl H. Pedersen 46 publicly visible posts • joined 23 Aug 2017
Why was all recipients visible in the first place ?
This would be illegal in civilized countries, and against OpSec in most countries.
BCC exists for a reason, but I know that Microsoft is hiding it. But people sending out mass mails should be taught. Or as they do in the military, promoted to the level where he makes least possible damage.
Cloud must be used right.
Any VM / lift&shit you buy will be way more expensive in the cloud. We used to say 8 hours/day was the break-even point and if your on-prem hardware lasts over 3 years, it was even less you could afford to run cloud.
But, some cloud services makes sense. Running scalable cloud apps, databases etc. And you should be aware what yopu get included. You don't need anybody maintaining the stuff below.
But infrastructure as a service is bad,.
Most users has NOT spent money in the App store.
If 15% is fair, then everybody could get 15% of their purchases back - limited by expiration of the claim.
And if 15% is fair, we need the same everywhere. Microsoft store, Epic store, Playstation Store etc. Personally I think it is dagerous to set a rate.
If developers are not happy, they just drop the Apple app store. And Apple will come to them if they want the product on the shelves.
Wrong architecture.
If you have as many locations as hotels, with frequent employee replacement, there is only one great solution.
That is the classic architecture. Some call it Mainframe, other calls it Citrix/Terminal server (with no Internet access from the remote desktop), yet other calls it WebApps.
There is NO reason why huge amounts of data should exist in a hotel branch, no way it should be exportable to a USB drive in a hotel near Kremlin. They are handling GDPR personal data, even sensitive data in some cases.
The only people who should have access to bulk data are IT staff at a central location, whose access is limited with MFA - preferable good MFA (Yubikey or equivalent).
Thus wrong design causes huge data loss thru a low level employee. Nothing new here. But I think EU should fine them 4% of their global turnover since it keeps happening, they clearly are not sufficient technical or organizational means in place, despite 2 earlier warnings.
Macintosh OS 1.0 to 7.x was written in Pascal, and all interfaces were Pascal, no matter what programming language you used.
OS X was a brand new OS.
Early 1980-ties I wanted the white Forth computer, looked like a ZX-81½ but with rubber keys, like they later came to the ZX Spectrum.
I doubt the ZX-81 with its 1kb of RAM had a C-based OS.
I have been programming in assembler, BCPL, C, C++, Pascal, Modula-2 and many more. I think I was introduced to Oberon at university. But programming languages comes and goes. C has stuck around forever.
Oat (roasted oat) with a bit of sugar and cold milk is pretty popular in places. I have eaten it on an almost daily basis for 50+ years.
Using heat to break down the good stuff is no good. Let the stomach have something harder to digest to work with. It is actually pretty healthy
NATO considers a cyuberattack on citricial infrastructure as a real attack, that invokes the paragraph 5 of NATO.
So that would be a war declaration against NATO.
But I think that Russia does not really have the capabilities they thought. Not hackers, and certainly not a good army.
Can't people see it ? This is a completely new invention.
All former works has had a frame or something making the computer define the desktop space needed.
This is completely different, here it is the desktop space of the keyboard that limits the computer size.
I still have my ZX81, it had like 40% of the desktop area behind/above the keyboard. That could be saved with the new Apple patent.
This is new true magic :-)
IBM - Inexperienced with Bad Management - That is what they want to be.
It is not old age that is a problem, it is management.
If you keep the old guy doing the same thing day after day, that is what he gets good at doing.
If the old guy has been problem solving each and every day, he is way better at that than people who have only 10 years experience.
IMHO experience is not to be underrated in IT. Or the bad influence of bad managers. There are few leaders out there, add many bosses and managers.And the bosses are not needed anywhere with educated staff. They can shout at recruits.
I expect the Indians has become too expensive for Indian banks.
When they are in competition with the rest of the world, they have to pay same prices as american companies.
So of course they will outsource and enjoy all the struggle with communications, outsourcing emplyees costing half but spending 10 times as many hours etc.
All managers knows it is better to pay 10 hours @ $20/hour for low quality than 2 hours at $50/hour for good quality. That is why they outsource in the first place. But they think that since IT is moving so slow, they save paying for all the idle time.
I think one important reason for Wireguard existing in the first place is that the Raspberry Pi series are one of the few ARM boards that does NOT do hardware crypto. So wireguard was written to get decent VPN performance on the RPi.
I use TV boxes instead, cheaper, faster, and with built-in MMC memory. And they can do hardware crypto, so no reason for me to sacrifice 1 CPU core for VPN when I can run it in hardware crypto.
WG was not written to negotiate encryption algo,
WG has its place. I use it in containers. But it is wasted if you have hardware crypto.
The problem is not credit cards. It is arcane payment terminals from the middle ages that are used in the UK.
In modern countries, the payment terminals can work in offline mode for at least a few thousand transactions. Of course there is a risk that payment will then be declined, but that is a risk that the store likely want to take if the alternative is losing business altogether.
The ESP-01 .. ESP32 series of boards are a fantastic IoT platform.
Typically used with Arduino, since there is nothing out there that just blows it away.
IoT is not big boards like the Pi. It is small boards, limited RAM, limited CPU (the ESP8266 is 80MHHz though).
We do not need anything like Android for that. Not sure if something minix/Linux like would even work. For the slow CPUs (Arduino), interrupts are used for data, not context switch, and for timing, every single CPU cycle counts. Just like the old days.
It is easy to learn, forces some indentation and stuff.
To me it is just another programming language, with its own HUGE set of modules/libraries. As OP wrote, the library is often a big help.
I have written a few small programs from scratch in Python, modified others.
Before Python. Perl was the language with the huge library of modules. Never felt other languages had quite as easy and centralized module library as these two.
Java I never really got to like, despite having written quite a bit of code in it back in the days.
Cloud has many advantages.
The biggest advantage is that it is not a headcount item, so you can not downsize management of the servers. Servers do get patched. No FUD can delay that. Bad code will break, but you have to adapt. Inside company walls - own servers - you would be forced to roll back.
But it is expensive, comes with very little support. But usually runs better than self-maintained.
I like cloud for many reasons, but there are also risks associated with it. You have to compare internal operations risks vs cloud operations + cloud risks.
Many companies outsources or goes cloud because they can not get qualified staff to run things on-site. Devops (the new word for the classic sysadm) people are a rarity.
No good app will have passwords.
It will at best have API keys that are hardwired, and likely changed for each release so they can be used to track releases in use.
The good things with API keys is, that they are applied before user validation, and before users gets their access token, giving them access to only their own data.
And you can block API keys, so basicly killing 1 version of the software only. Or throttle them. Or other interesting things.
Anything looking like a university should be aware, and do things the right way.
Again, everybody follows the small marketshare player Apple.
They sell less than 15% of all smart-phones, yet considered a monopoly. I guess they redefined what monopoly means :-)
Now, when will we get warnings in Windows about clipboard snooping ? Something Apple will warn about in next gen OS-X and iOS.
The US is trying to end up in a swedish situation.
To not make difference between people is pure socialism.
BlackLivesMatter are racists because they use skin color to promote their case. They should change their slogan to "All LivesMatter", and put action behind it, instead of meeting at virus spread meetings
There is a reason why we are many that tries to un-cloudify our products.
My Xiaomi is cloudsless thanks to valetudo.
All zigbee devices are controlled through zigbee2mqtt
All WiFi Switches runs Tasmota if they do not natives support MQTT.
My Visonic alarm system is networkable thanks to a $4 serial to Ethernet module and not the $250 cloud bridge.
And everything is controlled by Home Assistant
In case of comms lost, it likely has an emergency procedure. A few years ago, drones always entered into RTC mode (Return to China).
So look east, likely somewhere into Russia.
Still do not understand why loss of radio would cause loss of drone. As I would see it, it would either return to launch point, a preprogrammed coordinate set (maybe (0,0) if not set, or continue its operation for 90 hours, but then they would know where it is. Assume it lost GPS, then it should have another fallback option. Say land, continue straight ahead as best as it can using gyros, or maybe pup-up to a safe altitude before doing so.
They need eyes in the skies and ground search radar.
See the danish reporter here, Jesper Steinmetz. Full suit on top, reporting from the lawn in front of the white house.
As for trousers and footwear see the image in top of article.
https://www.independent.co.uk/news/weird-news/danish-tv-reporter-is-all-business-up-top-all-party-down-below-9633505.html
This is to get customers for AzureAD.
The great secret here is, that App password completely bypasses any OAuth2 requirement, MFA etc.
Whatever filtering you create, app password just bypasses it - At least until team Evil gets users to create one for them :-)
Even better than getting user consent in 3 clicks.
In the 80ties, I worked as a student at the campus Apple center, and later at the big Apple center in town.
We has harddisk issues as well. The Sony 20MB used in Macintosh SE/30 had lubrication that got thicker over time. So at some point, you could not let the computer stay without power over the weekend, or it would not boot monday morning.
First trouble shooting was to try to turn the whole computer 180 degrees back and forth more or less around the center of the harddrive. If that did not work, open the computer, out with the disk, and then in one hand twist it back and forth almost like making a milkshake. Then try to boot again.
It is unbelievable how many customers continue with the defective disk instead o just buying a new one. But SCSI disks where expensive at that time. And if not powered off, they could run for decades.
There are the ego type Rockstars, that gets their own isolated parts of the system, as nobody wantys to work with them. They are not really rockstars.
To me the Rockstar has a fanbase among the other developers, he is the one people comes to and asks for advice, and uses for sparring about new ideas. He is the one that will actually help the team as a whole, and communications is part of this. In a pure nerd group, comms is different than in a mixed skills group.
Current workplace has servicedesk people on duty 24/7.
People with knowledge are not on call. BUT, if things goes wrong, they will start calling managers, who then have to try to contact their employees. For now, there has always been someone who could help. And we are good at finding hacks to get things running until the right persons are available.
I have been guiding people over the phone from holidays in Italy. But I never bring a PC on holidays, so people can not expect more than that. And if it is work, I will usually answer only when it is convenient. So I mostly get SMS messages telling me to read mail.
BTW: After the on-call fees where suspended, all systems started to run much better during night. Now the people responsible did not want to get disturbed anymore.
Apple lost court case in Denmark some years back. They can not repair with used parts, and can not use refurbished phones for warranty replacement.
They will have to repair with new parts, or give you a replacement with only new parts aka new device.
Not all companies are happy about this. But when my Polar watch had issues, I got factory new electronics, in my scratched case. My running watch before that was a Garmin, where 3 refurbished replacements all had issues.
But in Denmark Apply supplies factory new replacement units.
How can you call Java popular ? Have you talked to a Java programmer recently ?
You might say it is one of the 3 most widespread languages (like diseases can be spread). But popular is a complete misconception.
For all that does not know, 9 out of 10 cases, AI stands for A-lot-of-Indians. They are cheaper to train, uses way less power, and generates results of the same quality as household AI available for decent money. It is real intelligence to substitute Indians for CPU.
Uganda has authorities that spies on people. I worked there for some months 20 years ago, when a shared 64kbit wireless high latency connection was great.
After I got home, I was actually approached by somebody who wanted to recruit me to do hacking and spying on behalf of the politicians / secret police units.
I contacted my home intelligence service, and was told that I could take the contract if I wanted, as this was not targeting NATO or our citizens. I decided against it. So yeah, most governements outside western europe spies on its citizens.
99% ? That is just like accuracy of policemen in the US.
99% of the bullets fired miss the target, and only 1% hits.
If the target is hit, he is by definition guilty of something that warranted his shooting. The US should shar forbidding unjust force.
I live in Denmark, and the law is there to protect the general public from danger, and the new thing is privacy.
We have a 5km NFZ around airport, 8km around military airports - They tend to fly a bit lower with jets. We can fly up to 100m outside cities, planes can go down to 150m - so 50m separation if everybody puhes it to the limit. 2km distance to medic heliports (typical at hospitals). 150m away from buildings, parks/beaches near built-up areas, larger roads (defined as speed limit 70 km/h or more), railways, traffic accidents, nature preserves etc. 50m away from non-spectating people, ships etc.
For indoor shows, there must be sufficient protection of spectators.
Rules are simple, a license is £2.00. Drones must be marked with owners registration number, name and phone number. And you must have insurance.
How can they even come up with an idea that evasive maneuvers should be predictable ?
Anything predictable is the the easiest to attack and kill. It should be completely unpredictable and crazy. It should be a surprise to any opponent or foreign AI (which usuaully means Alotof Indians).
The algoritms should be the most secret in the world, so will usually be outsourced to a contractor with development offices in Ukraine, Russia, India or China.
There is likely one secure solution out there, in the cheaper price range.
It is called Raspberry Pi ZeroW + camera.
Closed source solutions are crap, I have them, but on independent VLAN, and with no Internet access.
We need more open source cams. Most chinese cams are running Linux anyway, so it would be trivial for the vendors to publish specs on the DSP and camera hardware, and thus let us create open firmware.
The first to do it would get lots of business, but likely would suffer from customers not upgrading their crap as fast.
If somebody posts personal data about John Johnson on the blockchain, say for Bitcoin, how can John Johnson get it deleted ? This is also not possible.
I heard rumors that somebody who dislikes Bitcoin at some point upload a child pornographic image to the blockchain, basicly making the blockchain illegal material in most countries. Could have been government actor.
I still do not understand why all engines will have to be serviced in the country that is now Russias best friend. That alone is a risk. But maybe they can deliver the worst job at the lowest price ?
Don't have crityical stuff done south of the alps, it is just as bad as Americans having things done south of the border.
Must have been decided by Mr. Donald himself.
GDPR gives you 4 days to contact authorities after you have VERIFIED that a breach has taken place. There is no penalty for being slow to detect, or reading about your breach in media.
GDPR is mostly an excercise in getting documentation and processes in place, and very little about necesary technical controls.
NOT. To get access to the keychain you need:
icloud username and pasword
and a verified device with 2FA.
Then you can get access to the keychain.
The only thing you bypass is really the local device password of the device having keychain access. Is this a problem ? Not really, but it means I will take my non-pasword protected iPad that the children uses, and move it to a family account.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2023
